Full Version: ARPCache
Moore
Something I noticed today that sounds useful, haven't tried it yet, but their other free software is pretty good.

ARPCache Viewer

A Look into this Secret, Undocumented section of the Registry.

What is ARPCache?

ARPCache is a secret, undocumented section of the registry used to store information for Add/Remove Program items in the latest versions of Windows.

If you open Add/Remove Programs in the newer versions of Windows, you will notice that certain information has been added, such as, size, frequency of use, and last used on.

This data is kept in binary files in the ARPCache of the registry, which means that even if you know where it is in the registry, you probably will not be able to read it. ARPCache Viewer deciphers the binary files and shows you what is in each entry.


ARPCache is not ARP Cache
Some people have mistakenly confused this ARPCache (which obviously stands for Add Remove Programs Cache) with the documented ARP (which stands for Address Resolution Protocol) Cache of the Windows operating system.

The documented ARP has to do with resolving IP addresses across networks. This has nothing to do with the ARPCache in the registry.


The Dirt Behind ARPCache
A problem with the ARPCache is that Windows automatically adds to this storage area but it does not automatically remove items when they are uninstalled. The ARPCache can be used to clean out the ARPCache or a good registry cleaner, like, RegVac, can be used.

http://superwin.com/farpcache.htm
Meehowski
Thank you!!
CelticFerret
Looks good. Another annoying thing is leftover icons from past programs in the WinXP Notification Area List. If you run with inactive icons hidden (or not) you may have several possibly incriminating orphan icons in the "Past Items" area (scroll down) of the Customize... button area.

"But I swear dear, I have no idea how that PornSnatcher thing got there!..." lol

And it doesn't take a forensic expert to stumble across it; it's in the "Taskbar and Start Menu Properties" "Taskbar" tab at the bottom.

There is a procedure for getting rid of them that involves deleting registry keys (a red flag should go up here. Always back up your keys before you change anything!).

Click Start > Run > Regedit

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify

Delete the IconStreams and PastIconsStream values.

(Now burp the desktop!)
Open Task Manager, click Processes tab, click Explorer.exe, then click End Process.

Still in Task Manager, click File, click New Task, type explorer, then click OK.

(I HOPE you only have ONE explorer.exe on your system and that it is in something like C:\WINDOWS.)

(Explorer is the default Windows shell. If the exact path to Explorer.exe is not specified, another program with the same name could be started if it is on c:\ disk or in one of the PATH directories. Although this seems to be less of an issue nowadays. I usually just browse to explorer.exe myself.)

The contents of the C:\WINDOWS\Installer folder can be fascinating as well, but you're on your own there. Always back it up before you tweak it and

never, ever, approach a computer and say (or even think) "I will just do this one little simple thing quickly..."

--CF
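
The TrayNotify cleanup described in the post above, scripted in PowerShell as an added example that is not part of the original thread. The backup file name and location and the PATH check for stray explorer.exe copies are assumptions made for this example; the registry key and value names are the ones given in the post.

```powershell
# Added example: back up, then clear the notification-area icon cache for the current user.
$regKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify'
$psKey  = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify"
$values = 'IconStreams', 'PastIconsStream'
$shell  = Join-Path $env:SystemRoot 'explorer.exe'

# 1. Back up the key first. The file name is timestamped (assumed naming scheme)
#    so an earlier backup is never overwritten.
$backup = Join-Path $env:USERPROFILE ("TrayNotify-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regKey $backup | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
    throw "Backup of $regKey failed; nothing was changed."
}

# 2. Warn about any explorer.exe reachable through PATH that is not the real shell,
#    since a bare "explorer" could resolve to one of those instead.
$strays = $env:Path -split ';' |
    ForEach-Object { $_.Trim('"', ' ') } |
    Where-Object { $_ } |
    ForEach-Object { [IO.Path]::Combine($_, 'explorer.exe') } |
    Where-Object { (Test-Path $_) -and ($_ -ne $shell) }
foreach ($s in $strays) { Write-Warning "Another explorer.exe is on PATH: $s" }

# 3. Delete the two cached values, skipping any that are already absent.
$present = (Get-Item -Path $psKey).GetValueNames()
foreach ($name in $values) {
    if ($present -contains $name) {
        Remove-ItemProperty -Path $psKey -Name $name
        Write-Output "Removed $name"
    }
}

# 4. Restart the shell. Start it by full path, and only if Windows
#    has not already restarted it on its own.
Stop-Process -Name explorer -Force
Start-Sleep -Seconds 2
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
    Start-Process -FilePath $shell
}
Write-Output "Backup saved to $backup"
```

To undo the change, import the saved .reg file with `reg.exe import` and restart Explorer again.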